18 docs tagged with "ciso"

What an access path is, how it is materialised from the entity graph, the flat API endpoints, and how the detail page surfaces risk, ownership, and remediation. Includes proposed identity-scoped grouping design (not yet shipped).

Strategic review of the 'Authority Path' concept after the Primer shift (execution-determined, not configuration-determined)

Executive-level summary and two-page business overview of how SecurityV0 operates inside a client environment, focused on governance outcomes, risk reduction, and operating cadence

CISO perspective on Round 1 automation classification: pre-ingest filtering of 77 of 92 entities is a defensible Phase 1 optimization but unacceptable as permanent architecture. Mandate: ingest everything, filter in UI.

CISO perspective on Round 3 automation-persistence analysis: chain-level temporal tracking is compliance-critical (cannot answer 'how did this automation's blast radius change in 90 days' without it).

CISO perspective on Round 2 execution-flow analysis: six security blind spots in the AzureGraphRouter display and the seven elements required for a credible cross-system automation security review.

Round 2 CISO executive review of SecurityV0 platform — visual screenshot-based evaluation against March 19 snapshot.

CISO executive review of SecurityV0 platform — 70% CISO-ready, up from 45% on March 3.

Gap analysis correlating live v0.2 UI screenshots (from automated QA) against Notion-synced product specs (Clarity, UX feedback)

Sprint priority #1 plan: restructure overview, cluster-detail, and authority-path-detail surfaces to answer the three CISO questions (what happened, am I exposed, what should I do) within five seconds.

Round 5 CISO analysis on what entity type Business Rules, Script Includes, REST Messages, OAuth Profiles, Flow Designer Flows, and Scheduled Jobs should actually be in the SecurityV0 data model

Product-level analysis of whether Business Rules, Script Includes, REST Messages, OAuth Profiles, Flow Designer Flows, and Scheduled Jobs should remain classified as entity_type 'identity' or be re...

Prioritized implementation plan derived from 5-agent platform review. Maps to Sergey's March 13 sprint email priorities. Includes effort estimates, file locations, and acceptance criteria for each fix.

Combined findings from 5 parallel AI review agents evaluating SecurityV0 against Notion-synced product specs and live production data. Mapped to March sprint priorities.

Round 2 multi-perspective platform review — 7-agent visual review against 2026-03-19 snapshot. First validated MPAS-7 baseline with screenshot input. Consolidates both review rounds, Sergey's feedback status, research findings, and the forward path.

Product Owner analysis of how automation execution chains should be modeled relative to OAA (Open Authorization API) entity types

Round 4 CISO analysis evaluating how OAA (Open Authorization API) concepts map to SecurityV0's automation chain modeling

CISO-lens analysis of how the 4-concept separation model (AutomationDefinition, AutomationTopology, AutomationRun, ExecutionEvidenceEvent) aligns with Sergey's W1 product vision and UX specification